CVSS3: 8.2 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS: 0.0004 Low
Percentile: 15.6%
Node.js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of HTTP/2 CONTINUATION frames: sending a small number of HTTP/2 frame packets can leave data in nghttp2 memory after a reset, leading to a race condition when the Http2Session destructor is triggered by an abruptly closed TCP connection.
www.openwall.com/lists/oss-security/2024/04/03/16
hackerone.com/reports/2319584
lists.fedoraproject.org/archives/list/[email protected]/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/
lists.fedoraproject.org/archives/list/[email protected]/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
secdb.alpinelinux.org/v3.18/main.yaml
secdb.alpinelinux.org/v3.19/community.yaml
secdb.alpinelinux.org/v3.19/main.yaml
security.netapp.com/advisory/ntap-20240510-0002/